SSL Certificate on XAMPP & Ubuntu 20.04

Couldn't find any working guides/videos/other questions online for this so I'm posting it here.
Recently installed XAMPP 7.3.27 on a Linux server running Ubuntu 20.04.
Before the install of XAMPP it ran a standard apache2 html website and I had no issues setting up Certbot for SSL on that.
However I've now been trying to get SSL set up on this new XAMPP apache server with and without Certbot and cannot get it working for the life of me.
Does anyone know how to get this set up?

Thanks,
NachoToast

1 Like

Are you running two separate Apache servers?
Did you uninstall the first working one?

It seems like you could simply use the working one to just get you a cert to be used by XAMPP.
[but I may be missing some pieces to this puzzle]

1 Like

The first working one is disabled though not uninstalled, when I go to the local and public ip of the server it shows the XAMPP website and not the apache default one which is good.
Where would I move the old certificate files for the new one, and what config files would I have to edit?

1 Like

Having two Apache web servers (running or not) is likely to confuse certbot, so you should not use it with --apache.
Which leaves:
--webroot -w /your/web/root
OR
--standalone [Which could work but could also be combined with the other Apache]

Unless I've misunderstood anything, you could probably combine all your cert needs into one Apache and then use certbot with it [either: --webroot or --apache (if certbot can deal with the two installs)]

You really need to get rid of one of the web servers and only use one.

1 Like

Ok, I've uninstalled the previous version of apache2 entirely and ran the command
sudo certbot certonly --webroot /opt/lampp/htdocs/
Adding the domains I have when prompted (ntgc.ddns.net, nachotoast.com), it returns a success in generating the certificates but the website (htdocs/index.html) now says certificate invalid.
Let's Debug says ntgc.ddns.net is all ok, and nachotoast.com is a reserved address and will fail.
Am I using the right webroot or have I done something else wrong, or perhaps I'm forgetting to change a config file somewhere?

1 Like

certonly will ONLY get a cert; it will not install it anywhere.
So nothing is (yet) using the newly issued cert.
OR
If the cert already existed, and it was updated/renewed, then you only need to reload/restart the web service that uses the cert (it doesn't know the cert changed).
If this is a new cert, then you need to change where the web server points for its cert (to this new file location).

1 Like

Using the --webroot flag with certbot as you suggested the certificate, chain, and private key have been installed into the /etc/letsencrypt/nachotoast.com/, if this so far is correct which config files do I need to update to point towards these files?

1 Like

You need to look through XAMPP configuration to set where it uses a cert.
Possibly in this file: C:\xampp\apache\conf\extra\httpd-vhosts.conf
To be sure, let's see which files Apache is using, with:
apachectl -S

[presuming there is only one apache now, that should show us the correct info]

1 Like

I'm getting a failure, /usr/sbin/apachectl: 208: /usr/sbin/apache2: not found when executing apachectl -S.
I added a vhost to the httpd-vhosts.conf file and restarted XAMPP; the vhost is configured to use the ntgc.ddns.net domain since Let's Debug says there are errors with the nachotoast.com domain.
However this still isn't working.

<VirtualHost *:443>
    DocumentRoot "/opt/lampp/htdocs/"
    ServerName ntgc.ddns.net
    SSLEngine On
    SSLCertificateFile "/etc/letsencrypt/live/nachotoast.com/fullchain.pem"
    SSLCertificateKeyFile "/etc/letsencrypt/live/nachotoast.com/privatekey.pem"
    <Directory "/opt/lampp/htdocs/">
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

Have I configured something wrong here?
Edit: I think I need to add a pointer to the httpd-vhosts.conf file.

1 Like
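An added example (not part of the original thread) for the two checks this exchange turns on: whether the files named by the vhost's SSLCertificateFile / SSLCertificateKeyFile directives exist, and whether the main httpd.conf has an uncommented Include for the extra config file. The function names `missing_cert_files` and `is_included`, the domain `example.test` and the temporary files are constructed for illustration.

```shell
#!/bin/sh
# Print "directive path" for every SSLCertificate*File path that is not readable.
# Returns non-zero if any is missing. Assumes paths contain no spaces.
missing_cert_files() {
    awk 'tolower($1) ~ /^sslcertificate(key)?file$/ { gsub(/"/, "", $2); print $1, $2 }' "$1" |
    (
        rc=0
        while read -r directive path; do
            [ -r "$path" ] || { echo "$directive $path"; rc=1; }
        done
        exit $rc
    )
}

# Succeed only if config $1 has an uncommented Include/IncludeOptional naming $2.
is_included() {
    awk -v name="$2" 'tolower($1) ~ /^include(optional)?$/ && index($2, name) { found = 1 }
        END { exit !found }' "$1"
}

demo() {
    d=$(mktemp -d)
    # Constructed stand-in for certbot's live directory; certbot names the key privkey.pem.
    mkdir -p "$d/live/example.test"
    : > "$d/live/example.test/fullchain.pem"
    : > "$d/live/example.test/privkey.pem"
    # Constructed vhost whose key path does not match any file certbot writes.
    cat > "$d/httpd-vhosts.conf" <<EOF
<VirtualHost *:443>
    ServerName example.test
    SSLEngine On
    SSLCertificateFile "$d/live/example.test/fullchain.pem"
    SSLCertificateKeyFile "$d/live/example.test/privatekey.pem"
</VirtualHost>
EOF
    # Constructed main config in which the vhosts include is still commented out.
    printf '%s\n' 'ServerRoot /opt/lampp' 'Listen 80' \
        '#Include etc/extra/httpd-vhosts.conf' > "$d/httpd.conf"
    missing_cert_files "$d/httpd-vhosts.conf" || echo "-> path above does not exist"
    is_included "$d/httpd.conf" httpd-vhosts.conf || echo "-> httpd-vhosts.conf is never loaded"
    rm -rf "$d"
}
demo
```

On a real server the same functions can be pointed at the vhost file and the main httpd.conf; run them as a user that can read /etc/letsencrypt/live, which is normally root-only.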

Is there a main Apache config file: httpd.conf or apache2.conf ?
find / -name 'apach*.conf'
find / -name 'http*.conf'

[hopefully there is only one found]

1 Like

There is a httpd.conf file in /opt/lampp/apache2/conf/ (it's the only one in the directory).

<Directory "/opt/lampp/apache2/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>

1 Like

Was that the only file found?
Is that all that was in it?

1 Like

That's the only httpd.conf file and that's all there is on it yes.
Edit: It also has

Alias /bitnami/ "/opt/lampp/apache2/htdocs/"
Alias /bitnami "/opt/lampp/apache2/htdocs"

at the top.

1 Like

Then you are probably running Bitnami.
[that's a complicated addition to the situation]

If so, then you need to get help with Bitnami (in mind):
Using Bitnami? Please see Bitnami's documentation! - Help - Let's Encrypt Community Support

1 Like

This has gotten stranger, although bitnami is referenced in httpd.conf there is no /opt/bitnami directory, and the command find bitnami returns no such file or directory.
I think the bitnami references are just there for compatibility, and don't do anything unless you install Bitnami additionally, which I haven't done.

1 Like

Have you searched for both?

1 Like

First and second come up with

find: ‘/run/user/1000/gvfs’: Permission denied
find: ‘/run/user/125/gvfs’: Permission denied

even when using sudo; the second one also finds this:

/opt/lampp/etc/extra/httpd-info.conf
/opt/lampp/etc/extra/httpd-multilang-errordoc.conf
/opt/lampp/etc/extra/httpd-dav.conf
/opt/lampp/etc/extra/httpd-xampp.conf
/opt/lampp/etc/extra/httpd-ssl.conf
/opt/lampp/etc/extra/httpd-mpm.conf
/opt/lampp/etc/extra/httpd-languages.conf
/opt/lampp/etc/extra/httpd-autoindex.conf
/opt/lampp/etc/extra/httpd-manual.conf
/opt/lampp/etc/extra/httpd-default.conf
/opt/lampp/etc/extra/httpd-vhosts.conf
/opt/lampp/etc/extra/httpd-userdir.conf
/opt/lampp/etc/httpd.conf
/opt/lampp/etc/original/extra/httpd-info.conf
/opt/lampp/etc/original/extra/httpd-multilang-errordoc.conf
/opt/lampp/etc/original/extra/httpd-dav.conf
/opt/lampp/etc/original/extra/httpd-ssl.conf
/opt/lampp/etc/original/extra/httpd-mpm.conf
/opt/lampp/etc/original/extra/httpd-languages.conf
/opt/lampp/etc/original/extra/httpd-autoindex.conf
/opt/lampp/etc/original/extra/httpd-manual.conf
/opt/lampp/etc/original/extra/httpd-default.conf
/opt/lampp/etc/original/extra/httpd-vhosts.conf
/opt/lampp/etc/original/extra/httpd-userdir.conf
/opt/lampp/etc/original/httpd.conf
/opt/lampp/apache2/conf/httpd.conf

The one I previously showed is /opt/lampp/apache2/conf/httpd.conf

1 Like

What does this one have?:

1 Like

A lot of commented out stuff about how it's the main Apache HTTP server configuration file. The 2 lines that aren't commented out are:
ServerRoot /opt/lampp
and
Listen 80

1 Like

I don't think I'm going to be able to help you.

Let's try:
ps -ef |grep -i apache

[maybe there is a clue there]

1 Like